<head><title>Please wait ...</title>
<script type="text/javascript">
<!--
function fail(message){
	alert(message);
	self.location.href="/index.html";
}
//-->
</script>
</head>
<?php
$con=mysql_connect("localhost","William");

if (!$con){
	die("MySQL Error " . mysql_error());
}
mysql_select_db("osa", $con);
$success=false;
$user=$_REQUEST["user"];
$query=mysql_query("SELECT * FROM user WHERE username='$user'",$con);
if(!$query) die("MySQL Error " . mysql_error());
$row=mysql_fetch_array($query);
if(!$row) echo "<body onLoad='fail(\"No such user\")' />";
else if($row["password"]!=$_REQUEST["pwd"]) echo "<body onLoad='fail(\"Incorrect password!\")' />";
else{ // insert into onlineuser table
	$UID=$row["UID"];
	$IP=$_SERVER["REMOTE_ADDR"];
	$query=mysql_query("SELECT * FROM onlineuser WHERE UID=$UID OR loginIP='$IP'");
	if(!$query) die("MySQL Error " . mysql_error());
	$row=mysql_fetch_array($query);
	if(!$row){
		$query=mysql_query("INSERT INTO onlineuser VALUES ($UID, now(),'$IP')");
		if(!$query) die("MySQL Error " . mysql_error());
	}else{
		$query=mysql_query("UPDATE onlineuser SET UID=$UID,logintime=now(),loginIP='$IP' WHERE UID=$UID OR loginIP='$IP'");
		if(!$query) die("MySQL Error " . mysql_error());
	}
	$success=true;
}
if($success){
	echo "<body onLoad='self.location.href=\"/php/main.php\"'>Login success...Redirecting to main page ...</body>";
}
mysql_close($con);
?>
